64 matches found
CVE-2024-47902
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not authenticate GET requests...
CVE-2024-47902
CVE-2024-47902 affects Siemens InterMesh 7177 Hybrid 2.0 Subscriber (all versions < 8.2.12) and InterMesh 7707 Fire Subscriber (all versions
CVE-2024-47901
CVE-2024-47901 concerns InterMesh 7177 Hybrid 2.0 Subscriber (all versions < V8.2.12) and InterMesh 7707 Fire Subscriber (all versions
CVE-2024-47901
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not sanitize the input paramete...
CVE-2024-47901
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber All versions V8.2.12, InterMesh 7707 Fire Subscriber All versions V7.2.12 only if the IP interface is enabled which is not the default configuration. The web server of affected devices does not sanitize the input paramete...
Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices, which can be exploited by an attacker to write arbitrary files to the web server's DocumentRoot directory...
Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...
Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. An incorrect privilege assignment vulnerability exists in Siemens InterMesh Subscriber Devices, which is due to an affected device containing a SUID binary file that can be exploit...
Siemens InterMesh 7177和Siemens InterMesh 7707 操作系统命令注入漏洞
InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. An operating system command injection vulnerability exists in Siemens InterMesh Subscriber Devices, which can be exploited by an attacker to execute arbitrary code with root...
PT-2024-32880 · Intermesh · Intermesh 7177 Hybrid 2.0 Subscriber +1
Name of the Vulnerable Software and Affected Versions: InterMesh 7177 Hybrid 2.0 Subscriber versions prior to 8.2.12 InterMesh 7707 Fire Subscriber versions prior to 7.2.12 Description: A vulnerability has been identified that could allow an authenticated local attacker to execute arbitrary...
Siemens InterMesh Subscriber Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
JVN#63567545: Group Office vulnerable to cross-site scripting
Group Office provided by Intermesh BV contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product. Solution Update the Application Update the application to the latest version according to...
CVE-2023-25292
Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...
Cross site scripting
Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...
CVE-2023-25292
Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...
Intermesh BV Group Office 跨站脚本漏洞
Intermesh BV Group Office is an enterprise CRM and groupware tool from Intermesh BV open source. A security vulnerability exists in Intermesh BV Group Office version 6.6.145. An attacker can exploit the vulnerability to elevate privileges and obtain sensitive information via the GOLANGUAGE cookie...
CVE-2023-25292
Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...
CVE-2023-25292
Group-Office (Intermesh BV) has a Reflected XSS in version 6.6.145 where the GO_LANGUAGE cookie can be manipulated to inject script, potentially exposing sensitive data and enabling privilege escalation. Root cause: improper handling/encoding of the GO_LANGUAGE cookie leads to reflected script in...
Group-Office命令注入和SQL注入漏洞
Bugtraq ID: 48941 CNCAN ID:CNCAN-2011080103 Group-Office是一个基于Web的办公套件,其功能包括用户管理、模块管理、邮件客户端、 文件管理器、日程、项目管理以及客户关系管理等等。 Group-Office存在多个安全漏洞,允许攻击者进行SQL注入攻击或以WEB权限执行任意命令。 -部分未明输入在用于SQL查询时缺少正确过滤,攻击者可以利用漏洞注入任意SQL操作数据库或获得敏感信息。 -部分输入在使用之前缺少过滤,攻击者可以利用漏洞注入和执行任意命令。 Intermesh Group-Office 3.7.23 厂商解决方案...
CVE-2010-3428
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a category action...